Commit 4de32274 authored by kaiyou's avatar kaiyou

Add ip SAN and temporary storage

parent fceeb2a9
...@@ -7,6 +7,7 @@ import ( ...@@ -7,6 +7,7 @@ import (
"crypto/rand" "crypto/rand"
"crypto/x509" "crypto/x509"
"errors" "errors"
"io/ioutil"
) )
type Cert struct { type Cert struct {
...@@ -90,13 +91,26 @@ func (c *Certificate) Save() error { ...@@ -90,13 +91,26 @@ func (c *Certificate) Save() error {
return nil return nil
} }
// Ensure that the certificate has IO available
// Certificates without explicit IO will get a
// temporary directory
func (c *Certificate) ensureIO() {
if c.IO == nil {
dir, _ := ioutil.TempDir("/tmp", "cert-")
c.IO = FileIO{dir}
c.Save()
}
}
// Get the key file path // Get the key file path
func (c *Certificate) KeyPath() string { func (c *Certificate) KeyPath() string {
c.ensureIO()
return c.IO.Path(KeyType) return c.IO.Path(KeyType)
} }
// Get the certificate file path // Get the certificate file path
func (c *Certificate) CertPath() string { func (c *Certificate) CertPath() string {
c.ensureIO()
return c.IO.Path(CertType) return c.IO.Path(CertType)
} }
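Review bot: `ensureIO` (hunk `@@ -90,13 +91,26 @@`) discards both errors it can hit: `dir, _ := ioutil.TempDir("/tmp", "cert-")` and `c.Save()`, so if the directory cannot be created `c.IO` becomes `FileIO{""}` and the key and certificate are written wherever `FileIO` resolves an empty base (presumably relative to the working directory — `FileIO` is not in the hunk) with nothing reported to the caller. Because `KeyPath()` and `CertPath()` now call it lazily, a plain path query can write private key material to disk as a side effect and cannot signal failure through its `string` return. I would have the helper return the error and let `KeyPath`/`CertPath` either return `(string, error)` or require callers to invoke `ensureIO` explicitly first, and pass `""` to `TempDir` so `TMPDIR` is honoured instead of the hard-coded `/tmp`. The comment should also state that the temporary directory, which holds the private key, is never removed by this package, so cleanup is the caller's responsibility.
```go
// ensureIO gives certificates without explicit IO a private temporary
// directory. The directory holds the private key and is never removed
// by this package; callers own its cleanup.
func (c *Certificate) ensureIO() error {
	if c.IO != nil {
		return nil
	}
	dir, err := ioutil.TempDir("", "cert-")
	if err != nil {
		return err
	}
	c.IO = FileIO{dir}
	return c.Save()
}
```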
...@@ -5,6 +5,7 @@ import ( ...@@ -5,6 +5,7 @@ import (
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"math/big" "math/big"
"net"
"time" "time"
) )
...@@ -30,18 +31,23 @@ func newTemplate() *x509.Certificate { ...@@ -30,18 +31,23 @@ func newTemplate() *x509.Certificate {
func NewCATemplate() *x509.Certificate { func NewCATemplate() *x509.Certificate {
template := newTemplate() template := newTemplate()
template.Subject = pkix.Name{} template.Subject = pkix.Name{}
template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign template.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
template.IsCA = true template.IsCA = true
return template return template
} }
func NewServerTemplate(names []string) *x509.Certificate { func NewServerTemplate(names []string, ips []net.IP) *x509.Certificate {
template := newTemplate() template := newTemplate()
template.Subject = pkix.Name{ template.Subject = pkix.Name{}
CommonName: names[0], if len(names) > 0 {
template.Subject.CommonName = names[0]
} else if len(ips) > 0 {
template.Subject.CommonName = ips[0].String()
} }
template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
template.DNSNames = names template.DNSNames = names
template.IPAddresses = ips
return template return template
} }
...@@ -51,5 +57,7 @@ func NewClientTemplate(cn string, org string) *x509.Certificate { ...@@ -51,5 +57,7 @@ func NewClientTemplate(cn string, org string) *x509.Certificate {
CommonName: cn, CommonName: cn,
Organization: []string{org}, Organization: []string{org},
} }
template.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
return template return template
} }
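Review bot: The added `template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}` in `NewCATemplate` (hunk `@@ -30,18 +31,23 @@`) constrains the whole chain, not just the CA: Go's `x509.Verify` requires every certificate in the chain that carries an EKU list to include the usage being verified, so client certificates built from `NewClientTemplate` with `x509.ExtKeyUsageClientAuth` (same section, last hunk) will fail verification against this CA when a server requests client authentication. Either omit the EKU on the CA altogether (a CA without the extension is unconstrained) or list every leaf usage it is meant to issue, e.g. `template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}`. A one-line comment next to the CA's `KeyUsage` noting that `x509.KeyUsageCertSign | x509.KeyUsageCRLSign` is deliberately the only key usage on the CA would make the intent clear to the next reader.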